
TACACS: Terminal Access Controller Access Control System

The TACACS+ protocol provides access control for routers, network access servers and other networked computing devices via one or more centralized servers. TACACS+ provides separate authentication, authorization and accounting services.

TACACS allows a client to accept a username and password and send a query to a TACACS authentication server, sometimes called a TACACS daemon or simply TACACSD. This server was normally a program running on a host. The host would determine whether to accept or deny the request and send a response back. The TIP would then allow access or not, based upon the response. In this way, the process of making the decision is "opened up", and the algorithms and data used to make the decision are under the complete control of whoever is running the TACACS daemon. The extensions to the protocol provide for more types of authentication requests and more types of response codes than were in the original specification.

There are three versions of TACACS and the third version is called TACACS+, which is not compatible with previous versions.

Protocol Structure

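The TACACS+ packet header is laid out as follows (each column heading gives the bit offset at which the field ends):

  4 bits | 8 bits | 16 bits     | 24 bits      | 32 bits
  Major  | Minor  | Packet type | Sequence no. | Flags
  Session ID (full row)
  Length (full row)
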
  • Major version - The major TACACS+ version number.
  • Minor version - The minor TACACS+ version number. This is intended to allow revisions to the TACACS+ protocol while maintaining backwards compatibility.
  • Packet type - Possible values are:
    TAC_PLUS_AUTHEN:= 0x01 (Authentication).
    TAC_PLUS_AUTHOR:= 0x02 (Authorization).
    TAC_PLUS_ACCT:= 0x03 (Accounting).
  • Sequence number - The sequence number of the current packet for the current session.
  • Flags - This field contains various flags in the form of bitmaps. The flag values signify whether the packet is encrypted.
  • Session ID - The ID for this TACACS+ session.
  • Length - The total length of the TACACS+ packet body (not including the header).
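
The header layout above can be decoded with a short parser. This is an added example, not code from the original page; the flag bit value 0x01 (TAC_PLUS_UNENCRYPTED_FLAG) is taken from the TACACS+ specification (RFC 8907) rather than from this page, the sample packets are constructed, and each input is assumed to hold exactly one complete packet.

```python
import struct
from dataclasses import dataclass

HEADER_LEN = 12  # four one-byte fields, then two 32-bit fields
PACKET_TYPES = {0x01: "TAC_PLUS_AUTHEN", 0x02: "TAC_PLUS_AUTHOR", 0x03: "TAC_PLUS_ACCT"}
# Flag bit from the TACACS+ specification (RFC 8907), not listed on this page.
TAC_PLUS_UNENCRYPTED_FLAG = 0x01


@dataclass
class TacacsHeader:
    major: int
    minor: int
    packet_type: str
    seq_no: int
    flags: int
    session_id: int
    length: int

    @property
    def body_in_cleartext(self) -> bool:
        # When this bit is set the body is sent without obfuscation.
        return bool(self.flags & TAC_PLUS_UNENCRYPTED_FLAG)


def parse_header(data: bytes) -> TacacsHeader:
    """Parse the fixed header of one complete captured TACACS+ packet."""
    if len(data) < HEADER_LEN:
        raise ValueError("truncated header")
    version, ptype, seq_no, flags, session_id, length = struct.unpack(
        "!BBBBII", data[:HEADER_LEN])
    if ptype not in PACKET_TYPES:
        raise ValueError(f"unknown packet type 0x{ptype:02x}")
    # Length covers the body only, so it must match what follows the header.
    if length != len(data) - HEADER_LEN:
        raise ValueError("length field does not match body size")
    return TacacsHeader(version >> 4, version & 0x0F, PACKET_TYPES[ptype],
                        seq_no, flags, session_id, length)


# Constructed sample packets (not real captures): 12-byte header plus dummy body.
SAMPLE_OBFUSCATED = bytes.fromhex("c0010100" "12345678" "00000004") + b"\xaa\xbb\xcc\xdd"
SAMPLE_CLEARTEXT = bytes.fromhex("c0020101" "0000beef" "00000002") + b"hi"

if __name__ == "__main__":
    for pkt in (SAMPLE_OBFUSCATED, SAMPLE_CLEARTEXT):
        h = parse_header(pkt)
        print(h, "CLEARTEXT BODY" if h.body_in_cleartext else "body obfuscated")
```

Run against captured traffic, the body_in_cleartext check gives a quick way to spot devices that send TACACS+ bodies in the clear.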

Related Terms: TCP, RADIUS

Sponsor Source: TACACS (and TACACS+) is a Cisco protocol.

Reference Links:
http://www.javvin.com/protocol/rfc1492.pdf: An Access Control Protocol, Sometimes Called TACACS
http://www.javvin.com/protocol/tacacs.html: Introduction to TACACS+
